Martial Arts Australia - Industry Body Serving All Styles

MARTIAL ARTS AUSTRALIA
PRIVACY POLICY

1. Introduction

This Privacy Policy explains how Martial Arts Australia ("the Association") collects, uses, and protects your personal and health information. We are committed to meeting the Australian Privacy Principles (APPs) and the Notifiable Data Breaches (NDB) scheme.

2. Types of Information Collected

2.1 Personal Information

Names, addresses, phone numbers, emergency contacts, but do not store billing details as card details are taken securely through 'Stripe'

2.2 Sensitive (Health) Information

As an association providing some training and educational services, we may collect medical history, injury records, physical assessment data, for accessibility to a tournament, special training seminars, gradings, camps / retreats (weight, heart rate, medication taken, allergic reactions etc) and fitness goals. MAA only uses this health information to qualify and give feedback to a participant if required for an event. Health related data is deleted after 30 days, leaving just the waiver form for insurance purposes. Collection of this data requires your express consent.

3. Purpose of Collection

Data is collected to ensure safety during training, customize seminars / workshops / camps / retreats programming, processing memberships, waiver forms, incident reporting and comply with insurance requirements.

4. Data Storage and Security

We take significant technical and organizational measures to protect data, including:

-Encryption of all digital records via our ClubManager software

-Mandatory Multi-Factor Authentication (MFA) for staff access.

-Limited access (staff only see data required for their specific role).

-Our computers have 24/7 monitoring by a external IT security company.

- We back up data weekly using both cloud and offline SSD drives.

5. Disclosure of Information

We do not sell your data. We only disclose data to third-party providers (e.g., booking software, billing platforms) who are also compliant with Australian Privacy Laws. We will not ask for your credit card details over the phone only via our ‘Stripe’ automated payment gateway when purchasing memberships, courses and events. On rare occassions we will provide refunds back to you a person's bank account if not accepted via Stripe. If this happens, you may verify who we are by calling and speaking directly with one of our team members.

We will not speak to or respond to an email regarding an account, membership or other service, without the person being identified as an authorised person to speak with. If someone contacts you stating they are from our office, you may ask for verification from us as well.

6. Your Rights

You have the right to access your data, request corrections, or withdraw consent for health data tracking at any time. Under the 2026 Statutory Tort, you have a right to privacy that we are legally bound to uphold.

7. Data Breach Notification

In the event of a data breach likely to result in serious harm, we will notify you and the OAIC as soon as practicable, within the 30-day legal assessment window. We will also inform clients/members who maybe impacted in such a breach.

We will also employ a specialist cyber security company via our insurance, to find the hacker's access point, then pursue data suppression and recovery.

8. Photos and Video Taken

We ask permission at all our events if anyone does not want to be filmed or included in photos. We use such images to showcase an event and the athletes, via social media, magazines, tv programs and our websites.

9. Cross-Border / Overseas Data Disclosures

Under Australian Privacy Principle (APP) 8, we are legally required to state whether your data is likely to be sent or stored overseas.

Our Policy: We utilize cloud-based management systems and payment processors (including Stripe and ClubManager) which back up and host data securely on global infrastructure. This data is primarily stored within Australia, but components may be processed in countries where these global tech infrastructure hubs reside (such as the United States & UK). We ensure all our global providers maintain strict security protocols that align with Australian privacy standards.

10. Transparency with Children’s and Minors' Data

Our Policy: We collect and hold data relating to children (under 18) strictly for registration, grading, insurance eligibility, and safety purposes. We require the explicit, informed consent of a parent or legal guardian before any data or medical information of a minor is processed, stored, or utilized for event participation.

11. Privacy Complaints Handling Procedure

Our Policy: If you have any questions, concerns, or complaints about how we handle your personal information, please contact our Privacy Officer directly at [03 8601 1124]. We take all privacy complaints seriously and will investigate and respond to your query in writing within 30 days. If you remain unsatisfied with our response, you retain the right to lodge a formal complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

12. Automated Decision-Making (ADM) and Marketing Tracking

Our Policy: We do not use fully automated artificial intelligence or decision, making tools that significantly affect your legal rights. Our website may use standard cookies and analytics tracking tools to improve user experience. You have the right to opt-out of marketing communications or tracking at any time by clicking "unsubscribe" or adjusting your web browser settings.